Trueconf Server vulnerabilities
13 known vulnerabilities affecting trueconf/server.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 8
Vulnerabilities
CVE-2022-46764 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 5.2.6 | 2022-12-27
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
nvd
CVE-2022-46763 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 5.2.6 | 2022-12-27
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
nvd
CVE-2017-20120 | P3 | HIGH | CVSS 8.8 | CWE-352 | v4.3.7.12219, v4.3.7.12255 +1 more | 2022-06-29
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-66824 | P3 | HIGH | CVSS 8.7 | CWE-79 | v5.5.2.10813 | 2025-12-30
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meeting_room parameter and executed when users visit the Conference Info page, allowing attackers to achieve full Account Takeover (ATO). This issue is
nvd
CVE-2025-66834 | P3 | HIGH | CVSS 7.3 | CWE-1236 | v5.5.2.10813 | 2025-12-30
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name.
nvd
CVE-2017-20119 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 5.0.2 | v4.3.7 | 2022-06-29
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2017-20118 | P4 | MEDIUM | CVSS 5.4 | CWE-80 | fixed in 5.0.2 | v4.3.7 | 2022-06-29
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be
nvd
CVE-2017-20114 | P4 | MEDIUM | CVSS 5.4 | CWE-80 | fixed in 5.0.2 | v4.3.7 | 2022-06-29
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and m
nvd
CVE-2017-20115 | P4 | MEDIUM | CVSS 5.4 | CWE-80 | fixed in 5.0.2 | v4.3.7 | 2022-06-29
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2017-20116 | P4 | MEDIUM | CVSS 5.4 | CWE-80 | fixed in 5.0.2 | v4.3.7 | 2022-06-29
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may
nvd
CVE-2025-66823 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v5.5.2.10813 | 2025-12-30
An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page ([conference url]/info).
nvd
CVE-2017-20117 | P4 | MEDIUM | CVSS 5.4 | CWE-80 | fixed in 5.0.2 | v4.3.7 | 2022-06-29
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2017-20113 | P4 | MEDIUM | CVSS 5.4 | CWE-80 | fixed in 5.0.2 | v4.3.7 | 2022-06-29
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd